Hackers of India

vPrioritizer: Art of Risk Prioritization

By  Pramod Rana  on 08 Sep 2022 @ Nullcon

This talk covers following tools where the speaker has contributed or authored
VPRIORITIZER

Abstract

In today’s time, more vulnerabilities become known to the industry than any organization can triage, action and monitor. It’s safe to assume this count is going to increase furthermore. Along with that aggressive demand for software release to end-users makes it more challenging to keep vulnerability management programs efficient and effective. Due to this, the modern software development process is focusing on reducing the risk rather than eliminating it and vulnerability management is equal to risk prioritization – fix first what matters most.

To overcome these challenges, vPrioritizer is designed with primary objectives as below:

Centralized - must serve as a single pane of glass for vulnerability management, supporting integration with the entire vulnerability management ecosystem Automated - any and every task which can be automated, must be automated Community Analytics - utilization of community analytics to mature the prioritization algorithm over a period of time